NSA PRISM snoop-gate: Won't someone think of the children, wails Apple

10,000 things probed, mostly about missing kids, Alzheimer patients, we're told

High performance access to file storage

Apple has joined Facebook and Microsoft in revealing it has received thousands of requests for sensitive user data from US investigators in less than a year.

And like the two other giants, the fruity computer company is vague about the details.

A statement from Cupertino marks another attempt to diffuse the ongoing row over PRISM - the NSA's controversial project that taps up Apple and other internet goliaths for personal information on foreigners. The reveal tries to put a positive spin the iPhone-maker's close cooperation with cops and spies.

The cloud-powered iPad-slinger said it had dealt with between 4,000 and 5,000 surveillance requests from the US government since December 2012. These requests covered between 9,000 and 10,000 accounts or devices and came from federal, state and local authorities - the cases concerned had to do with both criminal investigations and national security matters.

"The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide," Apple said in a public statement. "Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities."

Apple claimed that iMessage, FaceTime, map search, location and Siri data remains private. In the case of Facetime and iMessage, this is thanks to end-to-end encryption, we're told. Map searches, location data and Siri queries are not retained by the company in a way that can identify a person, Cupertino insists. Files held in Apple's iCloud is another matter, it seems.

'We have never heard of PRISM'

Apple, Facebook and Google were among nine tech firms named as having participated (wittingly or unwittingly) in the controversial NSA PRISM we surveillance programme. The 41-page presentation was given in April this year and made public by the Washington Post.

The Apple statement, although it reveals the number of requests Cupertino complied with, it continues to deny allowing gov bods to access its servers, stating: "We first heard of the government’s 'Prism' program when news organizations asked us about it on June 6."

Since the exposure of the programme through the actions of former CIA contractor Edward Snowden, US tech firms have been lobbying the government to allow them to provide more details to their customers on the extent to which they have helped the authorities with their inquiries. Spy chiefs were against this disclosure but politicians appear to have overruled them and allowed tech giants to provide more details on wiretap requests than had been permitted with previous transparency reports from the likes of Google and Microsoft.

This move is clearly designed, at least in part, to reassure businesses and consumers that data held by US technology firms is not subject to dragnet surveillance, a concern that might prompt enterprises and international consumers to look for alternatives to US-based services.

Facebook released a similar set of data to Apple on Friday, saying it received 9,000 to 10,000 requests for user data from US authorities (local, state and federal) in the second half of 2012. These requests covered 18,000 to 19,000 of its users' accounts. "These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat," Facebook said in a statement.

The social network claimed that its lawyers guarded users' privacy jealously against these requests. "We’ve reiterated in recent days that we scrutinize every government data request that we receive – whether from state, local, federal, or foreign governments. We’ve also made clear that we aggressively protect our users’ data when confronted with such requests: we frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law," it said.

Microsoft, meanwhile, said it had handled 6,000 to 7,000 criminal and national security requests from US authorities affecting 31,000 to 32,000 accounts over the last six months of 2012. Redmond said the figures were an amalgamation of statistics from requests from US local, state and federal authorities. It said the figures included more on national security requests than previously provided while stating that the government has still not allowed it to be completely candid.

"For the first time, we are permitted to include the total volume of national security orders, which may include FISA orders, in this reporting. We are still not permitted to confirm whether we have received any FISA orders, but if we were to have received any they would now be included in our aggregate volumes," Microsoft said in a statement.

"We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other US local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and [only if] all Microsoft consumer services had to be reported together." ®

High performance access to file storage

More from The Register

next story
Seagate brings out 6TB HDD, did not need NO STEENKIN' SHINGLES
Or helium filling either, according to reports
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
USA opposes 'Schengen cloud' Eurocentric routing plan
All routes should transit America, apparently
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.